5 #include <sys/socket.h>
6 #include <bluetooth/bluetooth.h>
7 #include <bluetooth/rfcomm.h>
9 #include <netinet/in.h>
10 #include <arpa/inet.h>
// parse_packet: walk a newline-separated block of Kismet client-protocol text
// in buf, pick out "*NETWORK: " records and, for one hard-coded BSSID, push the
// counters to the phone on sock as length-prefixed strings, plus "vibrate"
// commands when the crypted-packet count crosses a 10k / 100k boundary.
//
// NOTE(review): this listing is an excerpt -- the declarations of ptr, bssid
// and len, the loop header and several closing braces are not shown, so the
// remarks below are made against the visible lines only.
//
// buf   - bytes read from the Kismet socket. strtok() requires a NUL
//         terminator, which nothing in the visible code guarantees (see below).
// bytes - number of valid bytes in buf; not referenced in the visible lines.
// sock  - the phone's RFCOMM socket; main() puts it in non-blocking mode.
// Return value: not visible in this excerpt.
12 int parse_packet(unsigned char *buf, unsigned bytes, int sock)
// NOTE(review): strtok() scans until it finds a NUL. main() fills buf with
// read(kismet, buf, sizeof(buf)) -- no byte reserved for a terminator -- so a
// full read lets strtok() run past the end of buf. Terminating at buf[bytes]
// (with the caller reading sizeof(buf) - 1) would bound the scan. strtok()
// also keeps static state, so this function is not reentrant.
18 ptr = strtok((char *)buf, "\n");
// NOTE(review): ptr is NULL when buf holds no token at all (empty or only
// newlines); the loop condition that would guard this is not in view, and
// strncmp() on NULL is undefined behaviour.
20 if (strncmp(ptr, "*NETWORK: ", 10) == 0) {
22 int crypted, weak, signal, noise;
// NOTE(review): "%s" with no field width copies as many non-blank bytes as the
// Kismet side sends into bssid, whose size is not in view. A BSSID in the form
// compared below is 17 characters; give the conversion a width of
// sizeof bssid - 1 (e.g. "%17s" for an 18-byte buffer) -- confirm against the
// declaration.
23 if (sscanf(ptr, "*NETWORK: %s %d %d %d %d", bssid, &crypted, &weak, &signal, &noise) != 5) {
// What happens after the message (next line, not in view) decides whether the
// record is skipped or the stale fields are used.
24 printf("Couldn't parse NETWORK packet\n");
// Only one access point is forwarded to the phone; its address is hard-coded.
26 if (strcmp(bssid, "00:0D:54:A0:27:7F") == 0) {
// Kept across calls so the vibrate thresholds below fire once per 10k / 100k
// crossing rather than on every update; it is process-global, not per-BSSID.
27 static int last_crypted = 0;
28 char str1[64], str2[64], str3[64], str4[64];
// The longest of these is "Signal level: -2147483648 dB" (28 chars + NUL),
// so the 64-byte buffers cannot overflow; snprintf() would still document
// the bound explicitly.
30 sprintf(str1, "Crypted: %d", crypted);
31 sprintf(str2, "Weak IVs: %d", weak);
32 sprintf(str3, "Signal level: %d dB", signal);
33 sprintf(str4, "Noise level: %d dB", noise);
// Frame sent to the phone: two bytes (presumably a message type, 0x0001), a
// 2-byte big-endian total length, then the four strings each prefixed by its
// own 2-byte length -- hence the "2 * 4" in the total. Writing &len as two
// bytes assumes len is a 16-bit type; its declaration is not in view.
// NOTE(review): no write() result is checked. main() sets FIONBIO on sock, so
// write() may return -1/EAGAIN or a short count, leaving the phone with a
// truncated frame and the stream out of sync.
35 write(sock, "\000\001", 2);
36 len = htons(2 * 4 + strlen(str1) + strlen(str2) + strlen(str3) + strlen(str4));
37 write(sock, (char*)&len, 2);
39 len = htons(strlen(str1));
40 write(sock, (char*)&len, 2);
41 write(sock, str1, strlen(str1));
43 len = htons(strlen(str2));
44 write(sock, (char*)&len, 2);
45 write(sock, str2, strlen(str2));
47 len = htons(strlen(str3));
48 write(sock, (char*)&len, 2);
49 write(sock, str3, strlen(str3));
51 len = htons(strlen(str4));
52 write(sock, (char*)&len, 2);
53 write(sock, str4, strlen(str4));
// Vibrate command: bytes 0x000E, a 2-byte length (0x0002), then the duration
// in ms big-endian -- 0x00FA = 250 here, 0x06D6 = 1750 below. Integer
// division compares 10k buckets, so this fires once per boundary crossed.
55 // vibrate 250ms for every 10k packets
56 if (crypted/10000 != last_crypted/10000) {
57 write(sock, "\000\016\000\002\000\372", 6);
60 // vibrate 1750ms extra for every 100k packets
61 if (crypted/100000 != last_crypted/100000) {
62 write(sock, "\000\016\000\002\006\326", 6);
65 last_crypted = crypted;
// Next newline-separated record, continuing from strtok()'s static position.
71 ptr = strtok(NULL, "\n");
77 int main(int argc, char **argv)
79 struct sockaddr_rc loc_addr = { 0 }, rem_addr = { 0 };
80 struct sockaddr_in addr;
81 unsigned char buf[1024] = { 0 };
82 char initstr[] = "!1 ENABLE NETWORK bssid,cryptpackets,weakpackets,signal,noise\n";
83 int s, client, kismet, bytes_read;
84 size_t opt = sizeof(rem_addr);
88 s = socket(AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM);
90 // bind socket to port 1 of the first available
91 // local bluetooth adapter
92 loc_addr.rc_family = AF_BLUETOOTH;
93 loc_addr.rc_bdaddr = *BDADDR_ANY;
94 loc_addr.rc_channel = (uint8_t) 1;
95 bind(s, (struct sockaddr *)&loc_addr, sizeof(loc_addr));
97 // put socket into listening mode
100 // accept one connection
101 client = accept(s, (struct sockaddr *)&rem_addr, &opt);
103 ba2str( &rem_addr.rc_bdaddr, buf );
104 fprintf(stderr, "accepted connection from %s\n", buf);
105 memset(buf, 0, sizeof(buf));
107 ioctl(client, FIONBIO, &one);
110 kismet = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
111 addr.sin_family = AF_INET;
112 addr.sin_addr.s_addr = inet_addr("127.0.0.1");
113 addr.sin_port = htons(2501);
115 if (connect(kismet, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
119 ioctl(kismet, FIONBIO, &one);
120 write(kismet, initstr, strlen(initstr));
122 printf("Connected to Kismet.\n");
124 // read data from the client
128 // gobble up data from the phone
129 bytes_read = read(client, buf, sizeof(buf) - 1);
130 if( bytes_read > 0 ) {
132 printf("received [");
133 for (i = 0; i < bytes_read; ++i)
134 printf("0x%02x ", buf[i]);
139 bytes_read = read(kismet, buf, sizeof(buf));
140 if( bytes_read > 0 ) {
142 for (i = 0; i < bytes_read; ++i)
143 printf("%c", buf[i]);
145 flag = parse_packet(buf, bytes_read, client);
150 write(client, "\000\012\000\000", 4);